import of site collections should be protected
it seems that anybody can import collections in an instance : this should be reserved to instance administrators or it will be a mess
export can be public
also I don't find the URL http://localhost:7319/services/csv/ very meaningful (think I raised this somewhere else so may be redundant). Replace with sth like :